RE: [Xen-devel] [PATCH 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT
From: Paul Durrant
Date: Thu Feb 09 2017 - 09:48:05 EST
> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: 09 February 2017 14:43
> To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx; Boris Ostrovsky
> <boris.ostrovsky@xxxxxxxxxx>; Juergen Gross <JGross@xxxxxxxx>; linux-
> kernel@xxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH 3/3] xen/privcmd: add
> IOCTL_PRIVCMD_RESTRICT
>
> >>> On 09.02.17 at 15:17, <paul.durrant@xxxxxxxxxx> wrote:
> > @@ -666,6 +680,20 @@ static long privcmd_ioctl_dm_op(void __user
> *udata)
> > return rc;
> > }
> >
> > +static long privcmd_ioctl_restrict(struct file *file, void __user *udata)
> > +{
> > + struct privcmd_data *data = file->private_data;
> > + domid_t dom;
> > +
> > + if (copy_from_user(&dom, udata, sizeof(dom)))
> > + return -EFAULT;
> > +
> > + /* Set restriction to the specified domain */
> > + data->domid = dom;
> > +
> > + return 0;
> > +}
>
> Is it really intended for the caller to be able to undo this, by passing
> in DOMID_INVALID?
Good point. I was intending to fix that, but forgot.
Paul
>
> Jan